Tomas Kalibera

I don't think these are false positives. Are you 100% sure that these were not flagged before? A call to getAttrib() may return a fresh object that needs protection. So...

First of all for a package author, this doesn't matter, a package author should follow Writing R Extensions and assume defensively that a call to any function returns a fresh...

A pattern like this ``` extern SEXP sym_foo; // e.g., Rf_install("foo"); func_(SEXP x) { SEXP attr_foo = Rf_getAttrib(x, sym_foo); ``` has the additional difficulty that `sym_foo` can be anything (unless...

Ok, so it seems to me there is no related issue in rchk. Let me remind again to anyone who may come across this, rchk is by design and in...

Looking at your log, the new docker image uses a slightly newer version of rchk (changes there shouldn't influence these reports), but a much newer version of R than the...

It turns out this was a regression. The call to `Rf_install(?,S:properties)` in rchk terminology, so when the symbol name is "properties" and is given via a symbol variable, possibly a...

I'd consider changing the code. It is not guaranteed that if you set `names` attribute to a given value that the value will be used by reference. So, to fill...

That setAttrib() protects names during its own processing is another thing. What I meant is that after setAttrib() finishes, the argument "names" that has been passed to it may not...

Thanks for the report. Package authors of course still need to care about memory protection in their C (or C++) code and follow what Writing R Extensions says about it....

The problem with checking lightgbm has been caused by a bug in rchk. I've fixed it in the llvm14 branch and rebuilt the docker container on rhub. I've also fixed...